| 1 |
On 13 Aug 2003 07:59:23 +0200 |
| 2 |
Klavs Klavsen <kl@××××.dk> wrote: |
| 3 |
|
| 4 |
> Hi guys, |
| 5 |
> |
| 6 |
> I know there has been several requests (also from me) asking for a way |
| 7 |
> to do security updates only. |
| 8 |
> |
| 9 |
> Something like emerge -s world --nodeps (should update every package |
| 10 |
> that has had a GLSA for it if the version matches the GLSA(s)) would |
| 11 |
> IMHO be very cool and very much needed. Then I bet many people would |
| 12 |
> set that to update automagically - which should be possible - would |
| 13 |
> help security a whole lot :) |
| 14 |
> |
| 15 |
> I'm no python programmer (atleast not yet - a frind of mine tells me |
| 16 |
> it's quite easy, and a cool language :) - and I don't know how well |
| 17 |
> portage is structured, but I think this security thing could easily be |
| 18 |
> accomplished, if the GLSA's were added to the tree (why shouldn't they |
| 19 |
> - they don't take up much space, and why should people have to go to |
| 20 |
> the webpage, or receive an email to get notified?). |
| 21 |
> |
| 22 |
> What do you think? |
| 23 |
|
| 24 |
I wrote a small prototype for that, but it needs support from the |
| 25 |
GLSA guys as it is very difficult to get the GLSA from a script as they |
| 26 |
are only published at different mailing lists and the forums. Another |
| 27 |
issue is that my script works with XML versions of GLSA, so someone |
| 28 |
needs to convert the plaintext versions. |
| 29 |
Code, DTD and sample XML GLSA are available at |
| 30 |
http://gentoo.devel-net.org/glsa/ . |
| 31 |
|
| 32 |
Marius |
| 33 |
|
| 34 |
-- |
| 35 |
gentoo-dev@g.o mailing list |
Archives